This fixes a bug introduced by commit 5a00689930ab975fdd1b37b034475017e460cf2a The patch adds an extra page to npages to hold the bitmap returned by the server. Bruce Fields pointed out that the changes introduced by the patch will cause the array npages to overflow if a buffer of size greater than or equal to XATTR_SIZE_MAX is passed to __nfs4_get_acl_uncached() Signed-off-by: Sachin Prabhu <sprabhu@xxxxxxxxxx> --- fs/nfs/nfs4proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 6352741..86333b8 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -3768,7 +3768,7 @@ out: */ static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen) { - struct page *pages[NFS4ACL_MAXPAGES] = {NULL, }; + struct page *pages[NFS4ACL_MAXPAGES+1] = {NULL, }; struct nfs_getaclargs args = { .fh = NFS_FH(inode), .acl_pages = pages, -- 1.7.11.4
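Review bot: The `+1` in the `pages[NFS4ACL_MAXPAGES+1]` declaration is a bare magic number, and nothing in the visible lines ties the array size to the npages computation that the commit message says can overrun it. Suggest a short comment on the declaration stating that the extra slot holds the page for the bitmap returned by the server, plus an explicit bound at the point where npages is computed (for example comparing it against `ARRAY_SIZE(pages)` and failing the call if it is larger), so that a later change to either side cannot silently reintroduce the overflow. Kernel coding style would also put spaces around the operator: `NFS4ACL_MAXPAGES + 1`. The changelog refers to "the array npages", while the array in the hunk is `pages`; that is worth correcting before this is applied.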